Changes between Version 2 and Version 3 of secure_boot
- Timestamp:
- 04/07/2021 03:07:11 PM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
secure_boot
v2 v3 20 20 21 21 22 == Secure the U-Boot Environment23 For a secure U-Boot environmentyou want to disable the ability to stop autoboot and get to a U-Boot console. Additionally you do not want to use env variables that can be used by an attacker to affect the boot sequence.22 == Secure U-Boot 23 For a secure U-Boot you want to disable the ability to stop autoboot and get to a U-Boot console. Additionally you do not want to use env variables that can be used by an attacker to affect the boot sequence. 24 24 25 25 To do this you need to understand where U-Boot env comes from: … … 72 72 * use U-Boot 'mkenvimage' on your development host to create a binary FLASH env that sets necessary defaults for any writeable vars you declare 73 73 74 For additional details on securing U-Boot see the following excellent presentation by F-Secure: 75 * https://labs.f-secure.com/assets/BlogFiles/2020-05-u-booting-securely-wp-final.pdf 74 76 75 77 == Securing the Kernel, FDT, ramdisk via FIT images
